Skip to main content
Skip to footer
塔塔咨询服务 塔塔咨询服务
  • 我们的服务
  • 我们是谁
  • 新闻中心
  • 客户案例
  • 职业发展
联系我们
TCS全球
tata.comtata.com在新的标签页中打开
  • 概况 按Tab键查看子菜单项

    以技术创新引领企业转型与升级

    塔塔咨询服务是全球领先的IT咨询、服务和商业解决方案的公司,已助力大型企业转型之旅超过50年。

    了解TCS服务范围
  • 行业
    • 银行和金融服务
    • 消费品与零售
    • 生命科学与医疗健康
    • 高科技
    • 制造业
    • 旅游和交通业
  • 服务
    • 云计算
    • 智能商业运营
    • 咨询
    • 网络安全
    • 数据与分析
    • 企业应用软件
    • 物联网和数字化工程
    • 可持续发展
概况
  • 行业 expand here
    • 银行和金融服务
    • 消费品与零售
    • 生命科学与医疗健康
    • 高科技
    • 制造业
    • 旅游和交通业
  • 服务 expand here
    • 云计算
    • 智能商业运营
    • 咨询
    • 网络安全
    • 数据与分析
    • 企业应用软件
    • 物联网和数字化工程
    • 可持续发展
    • 概况 按Tab键查看子菜单项

      我们致力于向上向善,推动积极变化,造福人人。

      我们专业的、坚定的团队每天都在努力,将我们共同的信念付诸行动。我们运用创新和集体知识,创造出非凡的成就。

      了解TCS的优势
    • 关于我们
      • 企业可持续发展
      • 多样性、公平性和包容性
      • 企业社会责任
      • The TCS Way
      • 合作伙伴
      • 体育赞助
    概况
  • 关于我们 expand here
    • 企业可持续发展
    • 多样性、公平性和包容性
    • 企业社会责任
    • The TCS Way
    • 合作伙伴
    • 体育赞助
    • 概况 按Tab键查看子菜单项

      新闻动态

      发现塔塔咨询服务的最新资讯、活动和公告。

      开始探索
    • 新闻中心
    概况
  • 新闻中心
    • 概况 按Tab键查看子菜单项

      客户案例

      TCS在过去的50多年中持续同许多全球化大企业合作,助力其业务转型之旅。

      开始探索
    • 客户案例
    概况
  • 客户案例
    • 概况 按Tab键查看子菜单项

      专业成就非凡

      在TCS,我们相信卓越的工作始于聘用、培养和激励最优秀的人才 — 来自各行各业。

      发现职位
    • 职业发展
    概况
  • 职业发展
  • 塔塔咨询服务 塔塔咨询服务 Opens in new tab tata.com tata.com在新的标签页中打开 Search
    我们的服务
    • 概况 按Tab键查看子菜单项

      以技术创新引领企业转型与升级

      塔塔咨询服务是全球领先的IT咨询、服务和商业解决方案的公司,已助力大型企业转型之旅超过50年。

      了解TCS服务范围
    • 行业
      • 银行和金融服务
      • 消费品与零售
      • 生命科学与医疗健康
      • 高科技
      • 制造业
      • 旅游和交通业
    • 服务
      • 云计算
      • 智能商业运营
      • 咨询
      • 网络安全
      • 数据与分析
      • 企业应用软件
      • 物联网和数字化工程
      • 可持续发展
    概况
  • 行业 expand here
    • 银行和金融服务
    • 消费品与零售
    • 生命科学与医疗健康
    • 高科技
    • 制造业
    • 旅游和交通业
  • 服务 expand here
    • 云计算
    • 智能商业运营
    • 咨询
    • 网络安全
    • 数据与分析
    • 企业应用软件
    • 物联网和数字化工程
    • 可持续发展
  • 我们是谁
    • 概况 按Tab键查看子菜单项

      我们致力于向上向善,推动积极变化,造福人人。

      我们专业的、坚定的团队每天都在努力,将我们共同的信念付诸行动。我们运用创新和集体知识,创造出非凡的成就。

      了解TCS的优势
    • 关于我们
      • 企业可持续发展
      • 多样性、公平性和包容性
      • 企业社会责任
      • The TCS Way
      • 合作伙伴
      • 体育赞助
    概况
  • 关于我们 expand here
    • 企业可持续发展
    • 多样性、公平性和包容性
    • 企业社会责任
    • The TCS Way
    • 合作伙伴
    • 体育赞助
  • 新闻中心
    • 概况 按Tab键查看子菜单项

      新闻动态

      发现塔塔咨询服务的最新资讯、活动和公告。

      开始探索
    • 新闻中心
    概况
  • 新闻中心
  • 客户案例
    • 概况 按Tab键查看子菜单项

      客户案例

      TCS在过去的50多年中持续同许多全球化大企业合作,助力其业务转型之旅。

      开始探索
    • 客户案例
    概况
  • 客户案例
  • 职业发展
    • 概况 按Tab键查看子菜单项

      专业成就非凡

      在TCS,我们相信卓越的工作始于聘用、培养和激励最优秀的人才 — 来自各行各业。

      发现职位
    • 职业发展
    概况
  • 职业发展
  • 联系我们
    TCS全球
    tata.com tata.com Opens in new tab
    Top Results
    Showing
    10
    01 - 07
    • Cybersecurity
    • Article

    Strategizing against zero-day exploit

    You have these already downloaded

    We have sent you a copy of the report to your email again.

    Highlights

    • Malicious attackers have become proficient in identifying IT system vulnerabilities and launching zero-day attacks.
    • These attacks are carried out using methods unknown to security professionals, they pose a serious threat to organizations worldwide.

    In this article

    what is zero-day? 页面内
    exploiting work 页面内
    Use case 页面内
    working against it 页面内
    what is zero-day? 页面内
    exploiting work 页面内
    Use case 页面内
    working against it 页面内
    Back to top Go to top
    In this article页面内
    Go to top
    what is zero-day? exploiting work Use case working against it

    What is a zero-day?

    Combating and understanding an unknown vulnerability

    A zero-day (also known as a 0-day) is a vulnerability unknown to those responsible for fixing it. A zero-day exploit takes advantage of this vulnerability to harm additional computers, data, programs, or a network.

    Software vulnerabilities can be used to gain access to sensitive information. Since many countries use the same software, it is possible to exploit one specific vulnerability against thousands of people. To reduce the risk of exploitation, it is important to keep software updated and patch any vulnerabilities as soon as possible.

    Usually, government institutions handle this issue. However, in many countries, such institutions are likely to conflict with the desire of the government to obtain people's personal information to combat crime. Consequently, national security agencies and criminals hide specific software vulnerabilities from users and developers.

     

    Exploiting work 

    The three stages of Zero-day attacks

    • Vulnerability

    • Exploit

    • Attack

    Malicious attackers seek loopholes to exploit infrastructure, critical data, and applications. An attacker can easily access systems through multiple cyberattack methods, such as JNDI attacks, injection, and cross-site scripts.

    Use cases

    Contextualizing zero-day

    Operation Aurora, a series of cyberattacks in 2009, was a high-profile zero-day exploit that targeted enterprises such as Adobe Systems, Google, Yahoo, and others. This vulnerability was designed to compromise the source code of these companies so attackers could modify them.

    In late 2014, Sony Pictures was hit by a zero-day attack that left the company unusable and allowed private company data to be released on public file-sharing sites. The email addresses of Sony executives, details of upcoming movies, and business plans were among the information compromised. However, it is unclear how the Sony attack used the specific vulnerability.

    An organization's zero-day vulnerability strategy is crucial to the safety of its customers, employees, and business data.

    Working against it

    Detecting the unknown software vulnerabilities is now possible

    It is often possible for zero-day attacks to remain undetected after being launched, even against secure networks. Therefore, users of so-called secure systems must exercise caution and practice good computer habits. Patches or antivirus signatures are not yet available for zero-day exploits, which makes them difficult to detect.

    • Buffer overflows: It limits the effectiveness of zero-day memory corruption vulnerabilities. Modern operating systems such as macOS, Windows Vista, Linux, Solaris, Unix, and Unix-like environments feature these protection mechanisms. Desktop and server protection software can also mitigate zero-day buffer overflow vulnerabilities. Heuristic termination analysis is usually used in these technologies to prevent attacks before they can cause any damage.

    • In-depth system monitoring: Companies need to monitor as many events as possible to detect modern zero-day attacks, which include all network traffic, all hidden system processes, all existing hooks, all floating code, and so on. A behavior analysis algorithm can effectively process events in streams rather than individually. It detects and records the relationships between different sets of acquired data. However, it demands a lot of time and effort.

    • Baseline with behavior analysis: In behavior analysis algorithms, all monitored data and any previously recorded data are further analyzed in real-time to establish a baseline of normal behavior. Behavioral analysis algorithms must be able to analyze all future events as a unified stream instead of treating them individually to predict future events. A larger dataset can establish a more accurate baseline, which, in turn, allows to detect deviations from the stated baseline with greater accuracy. This also enables the creation of a baseline that includes both malware and non-malware attacks, which is time-consuming and expensive.

    • Web Application Firewall (WAF): It is intended to be the fastest method to filter out malicious traffic and prevent vulnerabilities from being exploited. Zero-day attacks are a major problem for security. Flaws must be found, patched, and made safe, but web traffic can still target vulnerabilities. To stay updated, WAF must be able to act in real-time and keep adapting.

    A program that would offer a monetary reward to security researchers who choose to responsibly disclose vulnerabilities instead of selling the information to the highest bidder could potentially solve this problem. By working together and sharing the information they discover with software vendors, security researchers can help to combat the threat of hackers before they have a chance to exploit the vulnerabilities. Companies should apply patches as soon as possible to reduce the exposure window for any given vulnerability.

     

    The detection of previously unknown software vulnerabilities can be accomplished through several strategies.

    Explore more insights

    1/4

    Cybersecurity: The only future-proofed career?

    报告 | 17 Aug 2022   Opens in new tab
    2/4

    Metaverse: The treasure trove every big tech is after

    报告 | 16 Aug 2022   Opens in new tab
    3/4

    Context awareness - The new face of cybersecurity

    报告 | 16 Aug 2022   Opens in new tab
    4/4

    Revolution of threat modeling and counter-intelligence for future

    报告 | 16 Aug 2022   Opens in new tab
    行业
    • 银行和金融服务
    • 消费品与零售
    • 生命科学与医疗健康
    • 高科技
    • 制造业
    • 旅游和交通业
    服务
    • 云计算
    • 智能商业运营
    • 咨询
    • 网络安全
    • 数据与分析
    • 企业应用软件
    • 物联网和数字化工程
    • 可持续发展
    前沿洞察
    • Health & Wellness
    • 网络安全
    • 云计算
    • 元宇宙
    • 区块链
    • 可持续发展
    • 人工智能和机器学习
    • 工作的未来
    • 数据存储和分析
    • 物联网
    关于我们
    • 企业可持续发展
    • 多样性、公平性和包容性
    • 企业社会责任
    • The TCS Way
    • 体育赞助
    • 合作伙伴
    更多信息
    • 新闻动态
    • 招贤纳士
    Tata consultancy services
    ©2023 TATA Consultancy Services Limited
    ©2023 TATA Consultancy Services Limited
    • 隐私政策
    • Cookie政策
    • 免责声明
    • 安全政策
    • 定制Cookie
    更多
    • Facebook在新的标签页中打开 Facebook
    • Youtube在新的标签页中打开 Youtube
    • Twitter在新的标签页中打开 Twitter
    • Instagram在新的标签页中打开 Instagram
    • linkedin在新的标签页中打开 linkedin
    联系我们 联系我们
    有什么可以帮到您?
    告诉我们您在寻找什么样的服务或者信息,我们会帮您找到合适的人来跟进。
    售前咨询
    投资者信息
    Accessibility Adjustments

    Theme

    Font size

    A
    DEFAULT
    A

    Line height

    DEFAULT